How to export the RADIUS server certificate on Authentication Manager 8
Originally Published: 2015-09-08
Article Number
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8
Issue
Resolution
1. Download a tool called Keystore Explorer from the internet. This is a Windows-based program.
2. Download a copy of the certificate database from your AM 8.1 server and copy it to the machine where Keystore Explorer is installed. The certificate database is a file called webserver-identity.jks, located on the AM 8.0 server in the /opt/rsa/am/server/security directory. You can use an SFTP client such as WinSCP or FileZilla to download a copy of the file from your AM server.
3. Look up the certificate private key and keystore file passwords on the AM 8.1 server so that you can use Keystore Explorer to open the keystore and export the certificates. On the RSA server, cd to /opt/rsa/am/utils and run the following command:
./rsautil manage-secrets -a listall
When you run the command, you will be prompted for the Operations Console account name and then its password. If you enter the correct credentials, the command prints a list of passwords to the screen. From that list, copy the following passwords:
SSL Server Identity Certificate Private Key Password ..: iGegdeO9ev1XG0Y10gIzaAeiLaXY5g
SSL Server Identity Certificate Keystore File Password : rkEoHHgSFzoMmKhqg4C4t0xckbR8NE
Your passwords will be different from the ones listed in this example.
4. You now have all the information you need to extract your certificate from the JKS store copied off the AM 8.1 server.
Use Keystore Explorer to open the keystore file (webserver-identity.jks). When prompted for a password, enter the SSL Server Identity Certificate Keystore File Password. Once the keystore is open, find the certificate you want to export in the list, right-click the certificate radiusic_client_key and choose Export>Export Key Pair. When prompted for a password, enter the SSL Server Identity Certificate Private Key Password. Export the data to a p12 file, which you can then use to import the certificate and private key into your new RSA server.
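The same export can be scripted with the JDK keytool utility instead of Keystore Explorer. The following is an added example, not part of the original article or of RSA's tooling; the function name and the environment variable names are hypothetical, and it assumes keytool is on the PATH. It reads the passwords from the environment so they do not appear on the command line, and creates the p12 file readable only by the current user.

```shell
#!/bin/sh
# Added example: command-line equivalent of the Keystore Explorer export step.
# Assumes a JDK "keytool" on PATH; function and variable names are hypothetical.
# Passwords come from exported environment variables, never from argv:
#   SRC_STORE_PASS - SSL Server Identity Certificate Keystore File Password
#   SRC_KEY_PASS   - SSL Server Identity Certificate Private Key Password
#   DEST_PASS      - new password protecting the exported p12 file

export_radius_keypair() {
    src_jks=$1; dest_p12=$2; alias_name=${3:-radiusic_client_key}

    [ -f "$src_jks" ] || { echo "keystore not found: $src_jks" >&2; return 2; }
    [ ! -e "$dest_p12" ] || { echo "refusing to overwrite: $dest_p12" >&2; return 3; }
    for v in SRC_STORE_PASS SRC_KEY_PASS DEST_PASS; do
        eval "val=\${$v:-}"
        [ -n "$val" ] || { echo "environment variable $v is not set" >&2; return 4; }
    done
    command -v keytool >/dev/null 2>&1 || { echo "keytool not found" >&2; return 5; }

    # The output holds a private key: create it with owner-only permissions.
    old_umask=$(umask); umask 077
    # PKCS#12 uses one password for store and key, so both are set to DEST_PASS.
    keytool -importkeystore -noprompt \
        -srckeystore "$src_jks" -srcstoretype JKS \
        -srcstorepass:env SRC_STORE_PASS \
        -srcalias "$alias_name" -srckeypass:env SRC_KEY_PASS \
        -destkeystore "$dest_p12" -deststoretype PKCS12 \
        -deststorepass:env DEST_PASS -destkeypass:env DEST_PASS \
        -destalias "$alias_name"
    rc=$?
    umask "$old_umask"
    # Do not leave a partial file behind if the export failed.
    [ "$rc" -eq 0 ] || { rm -f "$dest_p12"; return "$rc"; }

    # Confirm the alias arrived as a private key entry, not only a certificate.
    keytool -list -keystore "$dest_p12" -storetype PKCS12 \
        -storepass:env DEST_PASS -alias "$alias_name" | grep -q PrivateKeyEntry
}
```

Export the three variables in the current shell session before calling export_radius_keypair webserver-identity.jks radius.p12. Once the p12 file has been imported on the new server, delete it and the downloaded copy of the JKS file.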